31
Catzwolf
Re: Xoops and Modules Vulnerabilities
  • 2007/4/8 10:25

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Is there a thick plank of wood that prevents information getting to the logic side of your brain? Because I am seriously beginning to wonder.

1. You stated that in that security post XOOPS Core had exploits. I stated to you that the post was not about the core but about a module called WF-Downloads (Xoops team modified it to their needs).

example : The proof in the pudding here

2. You stated that there was no Token system in Xoops; I proved my point with two arguments: one proved by a file called xoopssecurity.php and another by some other post asking about XOOPS Token expired.

3. I stated to you that all the exploits you found are due to 3rd party MODULES that are either not maintained or not updated when they should be.

4. GiJoe's Protector module's main function is to protect against badly written modules that do not use core functions such as xoopsObject to sanitize against SQL injections etc.

Now, instead of bad-mouthing people because you think we are not listening to you and you are too arrogant to admit defeat, why don't you actually go look through the code and come back with some real examples of the XOOPS core that requires 'cleaning' up, or better still, join the core team and fix the problems you see.

You could do one of the following:
1. Report a core bug here: Xoops Bug Reports

2. Report module bugs here: Module bug reports

Now, you are fast losing any respect I have for you. I have been as nice as I will be to someone who behaves in the manner you do, and still expects to be listened to. You either quit calling people names because you are too arrogant to admit you are wrong or you could be doing this in a more polite manner or stop posting and go use another CMS.

Regarding Joomla, Drupal and XoopsCube. You state that these are not secure either. I suspect the 10's of thousands of users who use these systems will disagree with you. The big difference between open source and commercial CMS is that the open source WILL tell you that there are exploits and bugs; you think it's good for commercial software to say that?

Oh and thank you for your good wishes.

ATB

Catz

32
xguide
Re: Xoops and Modules Vulnerabilities
  • 2007/4/8 10:52

  • xguide

  • Just popping in

  • Posts: 43

  • Since: 2005/5/11


I do not need to compete with you. Because I think it is not fair to compete with people who do not have same competences on same category. You do not read my first post and you try to create competition here to make your point. I think you have other plans and different agenda to XOOPS because you do not have competences to code your application and create your community. It let me think you try to manipulate XOOPS users opinion for your interest. My first post was:

Quote:
Programmers are busy with code and moderators with support.
Users can visit frequently the security site:

here

Users can report to developers security problems.
It is easy way to contribute.

Good Luck.


You are off topic and you do not understand it is important to users to update modules and protect at minimum XOOPS sites. XOOPS needs users to contribute because it is open source project. It is not me your problem. It is your lack of competences to code your own secure module or application, create your community and your interest over xoops. It is not my interest to lose time with people like you. Act intelligent and do not lose your time to reply. You have nothing to teach me. The problem is XOOPS authentication for business professional. I

Good Luck.

33
JMorris
Re: Xoops and Modules Vulnerabilities
  • 2007/4/8 12:47

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


xguide,

As cited earlier, your posts are in violation of XOOPSiquette.

Specifically,

Quote:
Language - Do not use offensive language. We are here for people of all ages, and want everyone to feel comfortable. Offensive language constitutes as profanity, racial, ethnic, and gender based insults or any other personal discriminations, and posts meant to offend or hurt any other member or their work. If you need to say something do it with the facts but not with insults.

Spamming and Trolling - We do not tolerate spamming or trolling in any place.


The moderators on this site have been tolerant of your abusive tone because we at XOOPS value security 1st. While your approach has been quite lacking, and your information quite incomplete, you have brought up important points that users need to keep in mind...

Keep your XOOPS install up to date
Keep your modules up to date
Install the protector module

Other than that, you've mainly just insulted people and called them names. Also, you were involved in one way or another in malicious access of this site, which in itself is enough for a permanent banning.

Enough people have stated on this site that you have been insulting. That is the reason I'm issuing a final warning.

Stop insulting users and developers on this site or you will be permanently banned from all XOOPS.org websites.

Furthermore, if you know of any security vulnerability and you know of the code that is affected, it IS your responsibility to report this information to the developers. It's called "doing the right thing".

If you cannot comply, then I highly suggest you find yourself another CMS where your poor manners and 1/2 measure contributions will be tolerated because they will not be tolerated here.

Good luck.
Insanity can be defined as "doing the same thing over and over and expecting different results."

Stupidity is not a crime. Therefore, you are free to go.

34
tom
Re: Xoops and Modules Vulnerabilities
  • 2007/4/8 13:28

  • tom

  • Friend of XOOPS

  • Posts: 1359

  • Since: 2002/9/21


Personally I feel that if the protector module adds security for XOOPS users then it should be included or coded with the core, can I ask is there any particular reason why it isn't?

I know you guys are patient, and security is important, but why are you tolerating this guy? I've read just about all his posts, and to be honest he's done nothing but insult in one form or another.

I've been speaking with various developers via E-mail over the last two weeks, they script standalone things, but I've been trying to get them to modulise these for XOOPS users, as it's what people are asking for, and so far I've had two agree to make their work into an XOOPS version as well, however if they keep seeing these types of posts, it won't be a good first impression and I'm sure it will put them off.

At the end of the day you've listened to this guy, you've advised this guy, he's given little to confirm what he is saying and doesn't seem to acknowledge what you're saying, can't we just lock this and move on, perhaps even ban.

Personally I hate banning, but there's only so many times you can go in a circle, and only so many times you can bang your head against a brick wall.

Hey Catz you mention pudding, mmmmmmmmmmm puddddddddddding........ oh you meant something else, lol and when you gonna come on MSN I miss your insults kilt boy,
Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

35
JMorris
Re: Xoops and Modules Vulnerabilities
  • 2007/4/8 13:33

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


Quote:
Personally I feel that if the protector module adds security for XOOPS users then it should be included or coded with the core, can I ask is there any particular reason why it isn't?


The 2.0.x branch of the core is frozen with the exception of major security updates. At this point, nobody has conclusively proven that there is a core vulnerability. Only modules have been proven vulnerable.

From my understanding of discussions with Skalpa, much of the features offered by the Protector module will be included in the 2.3 branch as well as other protection mechanisms not offered by the Protector module.

Quote:
At the end of the day you've listened to this guy, you've advised this guy, he's given little to confirm what he is saying and doesn't seem to acknowledge what you're saying, can't we just lock this and move on, perhaps even ban.


Agreed, I'm locking this topic.
